Wellness registry

ABSTRACT

The present disclosure relates to receiving and sharing wellness data. The wellness data can be received by a user device from any number of sensors external or internal to the user device, from a user manually entering the wellness data, or from other users or entities. The user device can securely store the wellness data on the user device and transmit the wellness data to be stored on a remote database. A user of the device can share some or all of the wellness data with research entities conducting research studies, friends, relatives, caregivers, healthcare providers, or the like.

CROSS-REFERENCE TO RELATED APPLICATION

This application is a continuation of U.S. application Ser. No.15/167,699, filed on May 27, 2016, which is a continuation ofPCT/US2013/073188, filed on Dec. 4, 2013. The contents of which areincorporated herein by reference.

FIELD

The following disclosure relates generally to data management and, morespecifically, to sharing wellness data.

BACKGROUND

Approximately 133 million Americans currently suffer from at least onechronic condition. This number is expected to rise to approximately 165million by the year 2020. As a result, the cost of healthcare in theUnited States is expected to increase dramatically. Attempts have beenmade to improve the health of individuals by providing them with toolsto monitor and track their wellness data. Wellness data can generallyinclude any type of data associated with a person's health, such astheir weight, heart rate, blood pressure, blood glucose level,medication compliance, activity level, or the like. Users can monitortheir wellness using devices, such as blood pressure cuffs, bloodglucose monitors, electrocardiograms, step counters, and the like.Software applications (e.g., Apps) associated with each of these deviceshave also been developed to allow users to track their wellness dataover time. While each application can be used to view useful informationabout a user's health, current applications are limited in their abilityto allow users to store, view, and share wellness data collected bydifferent devices.

SUMMARY

The present disclosure relates to processes for sharing wellness data.One example process may include receiving, from a plurality of userdevices, wellness data authorized for storage to a database of wellnessdata; storing the wellness data in the database of wellness data;receiving, from a research entity, a request to access the database ofwellness data; approving the request to access the database of wellnessdata; receiving, from the research entity, a request to perform a searchquery on the database of wellness data; performing the search query onthe database of wellness data; and transmitting results of the searchquery to the research entity.

In some examples, the wellness data is associated with a plurality ofusers, and wherein an authorization to include the wellness data in thedatabase of wellness data was received from each of the plurality ofusers prior to the wellness data being stored in the database ofwellness data.

In some examples, the process may further include receiving wellnessdata of two or more users; and storing the received wellness data of thetwo or more users in the database of wellness data. In other examples,the process may further include receiving, before storing the receivedwellness data of the two or more users in the database of wellness data,an authorization from each of the two or more users to include thereceived wellness data in the database of wellness data.

In some examples, the process may further include receiving wellnessdata of two or more users; and excluding the received wellness data ofthe two or more users from the database of wellness data absent anauthorization from each of the two or more users that their wellnessdata is to be included in the database of wellness data.

In some examples, the process may further include wellness data of twoor more users, wherein the wellness data of each of the two or moreusers is received from a wellness database located on a user device ofeach user.

In some examples, the process may further include updating the databaseof wellness data by receiving one of intermittent and continuous updatesfrom the wellness database located on each user's user device.

In some examples, the database of wellness data comprises metadataassociated with the wellness data, wherein the metadata comprises a timethe wellness data was recorded, a type of the wellness data, and adevice used to record the wellness data.

In some examples, the database of wellness data comprises wellness datafrom a plurality of users. In other examples, the process may furtherinclude receiving, prior to performing the search query, authorizationfrom two or more users of the plurality of users to authorize theirwellness data to be searchable. In yet other examples, the process mayfurther include denying a search query on wellness data from theplurality of users absent authorization that their wellness data is tobe searchable.

In some examples, the wellness data is stored in the database ofwellness data anonymously.

Another example process may include receiving, from a plurality of userdevices, wellness data authorized for storage to a database of wellnessdata; storing the wellness data in the database of wellness data;receiving, by a server, an authorization from a user to provide accessto at least a portion of the user's wellness data in the database ofwellness data; and providing access to the at least a portion of theuser's wellness data in the database of wellness data based on theauthorization.

In some examples, the authorization authorizes entities to performsearch queries on the at least a portion of the user's wellness data.

In some examples, the authorization is received in response to a requestmade by a querying entity. In other examples, the request comprises aselectable link transmitted to a user device of the user, and whereinthe authorization is transmitted to the server in response to aselection of the link. In yet other examples, the selectable link isdisplayed in an application associated with a type of wellness data onthe user's user device.

In some examples, the authorization authorizes an entity conducting aresearch study to access the at least a portion of the user's wellnessdata. In other examples, the authorization is transmitted to the serverin response to the user selecting the research study from a list ofresearch studies displayed on a user device of the user.

In some examples, the process may further include receiving, by theserver, data associated with research studies of interest to the user;monitoring a plurality of research studies; and transmitting anotification to a user device of the user in response to a researchstudy of the plurality of research studies matching the data associatedwith research studies of interest to the user. In other examples, thenotification is displayed on the user device of the user as an email,text, message, banner, or badge, and wherein the notification comprisesa selectable link that causes an authorization to be transmitted to theserver granting access to the user's data by an entity conducting theresearch study of the plurality of research studies.

In some examples, the process may further include receiving, beforereceiving the authorization from the user to provide access to at leasta portion of the user's wellness data, the user's wellness data; andstoring the user's wellness data in the database of wellness data. Inother examples, the method may further include receiving, before storingthe user's wellness data in the database of wellness data, authorizationfrom the user to include the user's wellness data in the database ofwellness data.

Systems and non-transitory computer-readable storage media forperforming these processes are also provided.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1A illustrates a block diagram of an example system for receivingwellness data according to various examples.

FIG. 1B illustrates a block diagram of an example system for sharingwellness data according to various examples.

FIG. 2 illustrates an example process for performing search queries on ahealth registry according to various examples.

FIG. 3 illustrates a block diagram depicting an exemplary interactionbetween a research entity and a health registry using the process ofFIG. 2.

FIG. 4 illustrates an example process for managing access to a healthregistry according to various examples.

FIG. 5 illustrates an example computing system for receiving and sharingwellness data according to various examples.

DETAILED DESCRIPTION

In the following description of the disclosure and examples, referenceis made to the accompanying drawings in which it is shown by way ofillustration specific examples that can be practiced. It is to beunderstood that other examples can be practiced and structural changescan be made without departing from the scope of the disclosure.

The present disclosure relates to receiving and sharing wellness data.The wellness data can be received by a user device from any number ofsensors external or internal to the user device, from a user manuallyentering the wellness data, or from other users or entities. The userdevice can securely store the wellness data on the user device andtransmit the wellness data to be stored on a remote registry database. Auser of the device can share some or all of the wellness data stored inthe registry database with research entities conducting researchstudies.

System Overview

FIG. 1 illustrates an example system 100A for receiving wellness data.As mentioned above, wellness data can include, but is not limited to,any type of data associated with a person's health, such as theirweight, heart rate, blood pressure, blood glucose level, medicationcompliance, activity level, or the like. System 100A can be used tocollect wellness data associated with a user, store the wellness dataand present the wellness data to the user in useful ways. System 100Acan further be used to collect non-wellness data along with wellnessdata, correlate the non-wellness data with the wellness data, anddisplay the non-wellness data with the wellness data.

System 100A can include one or more user devices 110 including anyelectronic device, such as a mobile phone, tablet computer, desktopcomputer, laptop computer, PDA, or the like. User device 110 can includean operating system and a wellness database 111 for securely storingwellness or non-wellness data along with associated metadata, such asthe time the data was recorded, type of data, device used to record thedata, user associated with the data, and the like. User device 110 canfurther include application programming interfaces (APIs) with accesscontrols for storing data in the wellness database 111 and for accessingdata stored in the wellness database 111.

User device 110 can be configured to receive wellness or non-wellnessdata from various sources and can store the received data in thewellness database. For example, user device 110 can be configured toreceive wellness or non-wellness data from sensors 102, 104, 106, and108. These sensors can include any type of sensor capable of obtainingwellness data, such as a biometric sensor, activity tracker, or thelike. For example, sensors 102, 104, 106, and 108 can include, but arenot limited to, a scale, blood pressure cuff, blood glucose monitor,electrocardiogram, step counter, gyroscope, accelerometer, SpO2 sensor,respiration sensor, posture sensor, stress sensor, photoplethysmogram,galvanic skin response sensor, temperature sensor, asthma inhaler, orthe like. Sensors 102, 104, 106, and 108 can also include other types ofsensors, such as audio sensors, ambient light sensors, electromagneticsensors, touch sensors, capacitive sensors, and the like, for obtainingnon-wellness data, such as situational data, temporal data, personaldata, contact data, and the like data. In some examples, each sensor canbe a separate device, while, in other examples, any combination of twoor more of the sensors can be included within a single device. Forexample, the gyroscope, accelerometer, photoplethysmogram, galvanic skinresponse sensor, and temperature sensor can be included within awearable electronic device, such as a smart watch, while the scale,blood pressure cuff, blood glucose monitor, SpO2 sensor, respirationsensor, posture sensor, stress sensor, and asthma inhaler can each beseparate devices. While specific examples are provided, it should beappreciated that other sensors can be used and other combinations ofsensors can be combined into a single device.

Sensors 102, 104, 106, and 108 can be used to measure wellness ornon-wellness data continuously, intermittently, periodically, or at anyother desired frequency or interval of time. For example, sensors 102,104, 106, and 108 can be used to obtain a single measurement or multiplemeasurements over a length of time. Additionally, sensors 102, 104, 106,108 can be used to measure wellness or non-wellness data at any time orlocation desired by the user. Moreover, sensors 102, 104, 106, and 108can be used with or without the supervision of a healthcare provider.For example, a user can use sensors 102, 104, 106, and 108 to obtainsensor measurements at home without the supervision of a medicalprofessional.

In some examples, user device 110 can include software sensorapplications 113 (e.g., third party applications) associated with eachof sensors 102, 104, 106, and 108 for interfacing with the sensors toallow user device 110 to receive the wellness or non-wellness data. Inthese examples, the applications 113 can use the device's APIs to storethe wellness or non-wellness data in the wellness database 111 of userdevice 110. In some examples, the software sensor applications 113 canbe Apps and device 110 can be a smart phone, tablet computer, or thelike. It should be understood that “third party” can correspond to anentity different than the manufacturer of device 110 and/or the entitythat created and/or maintains the operating system of device 110. Inthese instances, third party applications and their correspondingsensors can communicate and function within the operating system ofdevice 110 according to a predefined device protocol associated withdevice 110.

The applications 113 can similarly use the device's APIs to access datastored in the wellness database 111. In other examples, user device 110can be configured to share one or more communication formats withsensors 102, 104, 106, and 108 to allow user device 110 to receive andinterpret the wellness or non-wellness data from the sensors. Thereceived data can then be stored in the wellness database 111 of userdevice 110.

User device 110 can further receive wellness or non-wellness data fromits own wellness or non-wellness data sensors 115, such as a GPS sensor,clock, gyroscope, accelerometer, or the like, from a user interactingwith user device 110, from another entity, such as a physician, or fromother non-sensor sources. For example, using the device's APIs, wellnessor non-wellness data can be received from applications 117 on userdevice 110, such as a clock application, a calendaring application, agaming application, an application from a healthcare provider, amessaging application, or the like. The wellness or non-wellness datafrom the applications 117 can originate from a user interacting with theapplications, a remote database (e.g., database for a medical website),a healthcare provider institution (e.g., via the institution's App), orthe like. In these examples, the usage of the application 117 (e.g., howlong you play a video game application, when you play the video game,number of times interacting with a stock application, number of timesinteracting with a social networking application, length of timeinteracting with a social networking application, etc.), usage of userdevice 110 (e.g., length of time on the phone or number of text messagessent as determined from a phone payment application, time spent browsingthe Internet as determined from the device's browser, etc.), time spentlistening to music as determined from a music or streaming radioapplication, time spent using a remote application for controlling atelevision, amount of time or money spent on shopping websites, timespent on pornographic websites (e.g., to identify addictions), weatherdata from a weather application (e.g., to determine how weather affectsa user's health), type of events occurring in the user's life asdetermined from a calendar (e.g., meetings, birthdays, holidays, etc.),interactions with certain people as determined from a contact listand/or calendar application and/or a messaging application and/or phoneof user device 110, or the like, can be received by user device 110 andstored in the wellness database 111.

In some examples, default or user-selected settings can be provided torestrict the access that at least one application (e.g., at least one ofapplications 113 and 117) on user device 110 has to the wellnessdatabase 111 of user device 110 (for both storage and retrievalpurposes) and to the sensor data generated by sensors 115 within userdevice 110 and/or sensor data generated by sensors 102, 104, 106, and108. For example, an application for tracking a user's running sessionscan be granted access to the data generated by the GPS sensor of userdevice 110, but can be prevented from accessing the user's bloodpressure data stored in the wellness database 111. In some examples, anentity other than the owner of user device 110 can set the authorizationsettings for various applications on user device 110. For example, themanufacturer of user device 110 and/or the entity that created and/ormaintains the operating system of user device 110 can evaluate theapplications to determine if they should be given access to the user'swellness data and/or sensor data generated or received by user device110. In some examples, these settings can be overridden by the user.

FIG. 1B illustrates system 100B for sharing user wellness data.Referring to FIG. 1B, system 100B can include registry server 118communicatively coupled to user device 110 via network 112, which caninclude the Internet, an intranet, or any other wired or wireless publicor private network. In the case in which a user of device 110 wishes todo so by opting into data sharing, user device 110 can be configured tosecurely transmit the received wellness or non-wellness data andassociated metadata stored in wellness database 111 to registry server118 for storage in registry database 120. The user of device 110 can optinto sharing some or all of their wellness and non-wellness data. Forexample, a user can choose to share all wellness and non-wellness data,only certain types of wellness or non-wellness data, or a subset of atype of wellness or non-wellness data. Registry database 120 can be usedto store wellness or non-wellness data associated with a large number ofusers for the purpose of providing researchers with access to a largevolume of wellness data that would not otherwise be available to them.For privacy reasons, registry database 120 can be configured to securelystore a user's wellness or non-wellness data anonymously (e.g., withoutidentifying and/or personal information about the user, such as a legalname, username, time and location data, or the like). Additionally, thewellness or non-wellness data can only be included within registrydatabase 120 (or, alternatively, made searchable) with the user'sauthorization by, for example, opting into a data sharing program.Absent such an authorization, the user's wellness or non-wellness datamay be excluded from registry database 120 (e.g., by not storing theuser's wellness or non-wellness data in registry database 120). In someexamples, the identifiers for users in registry database 120 can bedifferent for each querying entity. For example, a first research entitymay be provided with an identifier having a value of 37 for one of theusers in registry database 120, while a second research entity may beprovided with an identifier having a value of 82 for the same user. Thiscan be done to prevent collusion between researchers. The operation ofregistry database 120 will be discussed in greater detail below withrespect to FIGS. 2-3.

System 100B can further include any number of other user devices 122 and124 coupled to network 112. In some examples, user devices 122 and 124can be operated by the same user as user device 110. In these instances,the user can transmit their wellness or non-wellness data to registryserver 118 for storage in registry database 120 using appropriatecredentials. Additionally, in some examples, a user's wellness data canby synced between registry database 120 and one or more of user devices110, 122, and 124. In other examples, the user of user devices 122 and124 can be a person that is different than the user of user device 110.In these examples, the users of devices 122 and 124 cannot access thewellness or non-wellness data of the user of user device 110 withinregistry database 120. While not shown, it should be appreciated thatmany other user devices can be coupled to registry server 118 throughnetwork 112 to collect and store wellness or non-wellness data for otherusers in a manner similar to that described above.

Registry Database

As discussed above, registry database 120 can be used to store wellnessor non-wellness data from a large number (e.g., millions) of users upontheir authorization. Researchers can then request access to the wellnessor non-wellness data for the purpose of performing medical research.Providing researchers with a reliable stream of constantly updatingsensor data for millions of users can allow the researchers to conductfaster and more accurate studies.

For privacy reasons, different levels of authorization can be used tocontrol access to the data contained in registry database 120. Once auser authorizes some or all of their wellness or non-wellness data to beaccessed by adding their data to registry database 120, the user oranother entity, such as a review board associated with registry database120, can provide researchers or querying entities with various levels ofauthorization to access the registry data. In a first level ofauthorization, a querying entity can be given access to certain types ofwellness data, such as blood pressure and height, for all registryparticipants. Under this level of authorization, the querying entity'saccess to data contained in registry database 120 can be limited to thetypes of data specified by the authorization. In some examples, theowner/operator of registry database 120 can perform queries submitted byquerying entities to further limit the access the researchers have tothe wellness or non-wellness data contained in registry database 120.

In a second level of authorization, a querying entity can be givenlimited access to data that allows the querying entity to identifypotential study participants, generate population level histograms, orthe like. Under this level of authorization, if the querying entitydesires more detailed information about specific user records, then anexplicit authorization from the associated users may be required. Theauthorization from the user can be received in response to a requestmade by the querying entity and sent to the user by registry server 118.The request can include a link or other selectable element that canallow the user to quickly opt-in to the study, thereby granting accessto the user's wellness or non-wellness data. The link or otherselectable element can be part of a user interface associated with anApp from applications 113 or 117 that can be associated with one or moretypes of wellness, non-wellness, or sensor data.

Users can also proactively provide explicit authorization to some or allof their wellness data to selected research studies. For example, userscan search for certain studies by searching, using a computing device(e.g., user device 110), through a displayed list of research studiesstored by registry server 118, selecting a research study of interestfrom the list via a user input to the computing device, and making aselection by providing a user input to the computing device to opt-in toparticipate in the study. This authorization can then be transmittedfrom user device 110 to registry server 118 via network 112, therebygranting access to the research entity performing the research study ofinterest. In another example, a user can provide registry server 118with information about the type(s) of research studies that may be ofinterest to the user. For example, the user may select from a displayedlist of types of illnesses, types of data, and the like (e.g., highblood pressure, colon cancer, heart disease, activity data, and thelike), and select from the displayed list via a user input to thecomputing device, the type of illnesses studies that they are interestedin participating in. Registry server 118 can monitor a current list ofresearch studies being conducted to identify studies that match theuser's preferences and can send notifications to potentially interestedusers via network 112 and user device 110. The notifications can bedisplayed on the user's device as an email, text, message, banner,badge, or the like, and can include a link or other selectable elementthat, when selected by the user, can allow the user to quickly opt-in tothe study, thereby granting the entity associated with the study accessto the user's wellness or non-wellness data.

In some examples, the querying entity can request additional data notcontained in the registry database from the users. This request can besent by the research entity or the owner/operator of the registry server(e.g., via registry server 118) to a device (e.g., user device 110) ofthe user. If the user agrees to participate, the user's registryidentification can be revealed to the querying entity to allow thequerying entity to combine the user's registry data with the requestedadditional data.

FIG. 2 illustrates an example process that can be used to performqueries on registry database 120. At block 202, an owner or operator ofa registry database similar or identical to database 120 can receive arequest to access wellness or non-wellness data stored in the registry.The request can be received by registry server 118 via network 112 orcan be received through another communication medium (e.g., paperapplication request, telephone, in-person, or the like). The requestingresearch entity can, in some examples, be a part of an institution, suchas a university, company, or the like, and can first request and receiveapproval for performing the research study from an internal reviewboard. To illustrate, FIG. 3 shows a block diagram depicting an examplequery interaction 300 that can occur when performing queries on registrydatabase 120 using process 200. As shown, research entity 302 can submita request for approval of a research study to an institutional reviewboard 304. The institutional review board 304 can review the merits ofthe study and either approve or deny the request. If approved, theresearch entity can submit a request to access one or more types ofapproved data contained in registry database 120. This request can bereceived by the owner/operator of registry database 120 (e.g., systemreview board 306).

Referring back to FIG. 2, at block 204, the owner/operator of registrydatabase 120 can evaluate the request to determine if access to thewellness or non-wellness data should be granted. This can includeevaluating the entity submitting the request, the proposed researchstudy, the type or amount of data requested, or the like. If the requestis denied, the process can return to block 202 where additional requestsfor access to the wellness or non-wellness data can be received from thesame or other research entities. If, however, the request is granted,the process can proceed to block 206.

At block 206, a search query to be performed on the registry databasecan be received. The request can include any number of search parametersrelated to the types of wellness or non-wellness data and the metadatastored in the registry database. The search query can be evaluated todetermine if it violates any search query rules (if any exist). Forexample, search queries can be rejected if they would too narrowlycharacterize the user, such that the user's identity can be determinedor inferred. If the search query is approved, the owner/operator of theregistry database can execute the search query on the registry database.In some examples, before the search query can be executed on users' datain the registry data, authorizations from the users to allow their datato be searchable can be received. In these examples, if no authorizationis received from a user, the search query request to search the user'sdata can be denied and the search query may not be executed on theuser's data. To illustrate, referring again to FIG. 3, research entity302 can submit a query request to system review board 306 for a query tobe run on registry database 120. If approved by system review board 306,the query can be executed on the wellness and non-wellness data in theregistry database of users that provided authorizations to allow theirdata to be searchable.

Referring back to FIG. 2, at block 208, the results of the search querycan be provided to the requesting research entity. The results caninclude any desired amount of wellness or non-wellness data resultingfrom the search query. For example, the results can include only a listof anonymous identifiers for users that match the search query.Depending on the authorization settings, the research entity can thenrequest that notifications be sent to the matching users, asking them ifthey would like to participate in the research study. In other examples,some or all of the wellness or non-wellness data associated withmatching users can be provided to the requesting research entity. Theamount of data can depend on the preferences of the owner/operator ofthe registry server, level of authorization provided by the users, termsof the agreement between the research entity and the owner/operator ofregistry server 118, or the like. In some examples, if authorized by theuser, the research entity can request additional data not contained inthe registry database from the users. This request can be sent by theresearch entity or the owner/operator of the registry server (e.g., viaregistry server 118) to a device (e.g., user device 110) of the user.

To illustrate, referring again to FIG. 3, the search query can beperformed on registry database 120 and the results of the query can betransmitted to research entity 302. While shown as being sent directlyfrom registry database 120 to research entity 302, it should beappreciated that a server, such as registry server 118, can be used totransmit the query results to research entity 302.

In some examples, before or after any blocks of process 200, thecontents of the registry database can be updated. In these examples, thewellness or non-wellness data from one, two, or more users can bereceived by the registry's server (e.g., registry server 118) from thedevice(s) of the user(s). For example, the wellness or non-wellness datacan be stored on wellness database 111 of user device 110 and can betransmitted to registry server 118 via network 112. In response toreceiving the wellness or non-wellness data, the registry database canbe updated to include the received wellness or non-wellness data. Insome examples, user devices of users that store wellness or non-wellnessdata in the registry database can transmit updates to the users'wellness or non-wellness data periodically, intermittently,continuously, or at any other desired interval of time.

In some examples, user device 110 or another computing device candisplay an interface for searching for research studies in which a usercan participate. The interface can include a list of one or morepossible research studies in which a user can participate. The interfacecan allow a user to search for particular research studies based on anydesired criteria, such as location, entity conducting the study, thesubject of the study, or the like. In some examples, the interface caninclude one or more recommended studies that the user is particularlyqualified to participate in based on the user's wellness data stored inthe registry. For example, if the user's wellness data in registrydatabase 120 indicates that the user is a male with brown hair,diabetes, and over the age of 50, the research study search interfacecan recommend diabetes research studies that are looking forparticipants having those traits. In some examples, the interface caninclude a button or other selectable element that a user can select tomake their wellness data in registry database 120 available for use inthe selected research study.

FIG. 4 illustrates an exemplary process 400 for managing access to ahealth registry according to various examples. At block 402, anauthorization to provide access to wellness or non-wellness data in aregistry database similar or identical to registry database 120 can bereceived. In some examples, the request can be received by a server(e.g., registry server 118) associated with the registry database from acomputing device similar or identical to user device 110, 122, or 124.The authorization can include an indication of a user's desire to opt into a sharing program.

In one example, the authorization can indicate that the user authorizesresearch entities to perform queries (e.g., using process 200) on someor all of the user's data. For example, the authorization can indicatethat all of the user's data can be queried, certain types of the user'sdata can be queried, or a subset of a type of the user's data can bequeried.

In another example, the authorization can be received in response to arequest made by the querying entity and sent to the user by the registryserver. The request can include a link or other selectable element thatcan allow the user to quickly opt-in to the study, thereby grantingaccess to the user's wellness or non-wellness data. The link or otherselectable element can be part of a user interface associated with anApp from applications (e.g., applications 113 or 117) that can beassociated with one or more types of wellness, non-wellness, or sensordata.

In other examples, the authorization can include an explicitauthorization to some or all of the user's data to selected researchstudies. For example, the user can search for certain studies bysearching, using the computing device, through a displayed list ofresearch studies stored by the registry server, selecting a researchstudy of interest from the list via user input to the computing device,and making a selection by providing a user input to the computing deviceto opt-in to participate in the research study. An authorization for anentity associated with the selected research study to access the user'sdata can be transmitted to the registry server.

In another example, the user can provide the registry server withinformation about the type(s) of research studies that may be ofinterest to the user. For example, the user may select from a displayedlist of types of illnesses, types of data, and the like (e.g., highblood pressure, colon cancer, heart disease, activity data, and thelike) and select from the displayed list via a user input to thecomputing device, the type of illnesses studies they are interested inparticipating in. The registry server can monitor a current list ofresearch studies being conducted to identify studies that match theuser's preferences and can send notifications to potentially interestedusers via a network (e.g., network 112) and the user's computing device.The notifications can be displayed on the user's device as an e-mail, atext, a message, a banner, a badge or the like and can include a link orother selectable element that, when selected by the user, can allow theuser to quickly opt-in to the study, thereby granting the entityassociated with the study access to the user's wellness or non-wellnessdata. In response to the user's selection, an authorization granting theentity access to the user's wellness data can be transmitted to theregistry server.

At block 404, access to the wellness and non-wellness data in theregistry server can be provided based on the authorization received atblock 402. In some examples, this can include allowing research entitiesto query the data using, for example, process 200. In other examples,this can include providing a particular entity identified in theauthorization with access to the user's data. If, however, noauthorization was received to provide access to a user's data at block402, any requests to query or access the user's data can be denied.

One or more of the functions relating to receiving and sharing wellnessdata can be performed by a system similar or identical to system 500shown in FIG. 5. System 500 can include instructions stored in anon-transitory computer readable storage medium, such as memory 504 orstorage device 502, and executed by processor 506. The instructions canalso be stored and/or transported within any non-transitory computerreadable storage medium for use by or in connection with an instructionexecution system, apparatus, or device, such as a computer-based system,processor-containing system, or other system that can fetch theinstructions from the instruction execution system, apparatus, or deviceand execute the instructions. In the context of this document, a“non-transitory computer readable storage medium” can be any medium thatcan contain or store the program for use by or in connection with theinstruction execution system, apparatus, or device. The non-transitorycomputer readable storage medium can include, but is not limited to, anelectronic, magnetic, optical, electromagnetic, infrared, orsemiconductor system, apparatus or device, a portable computer diskette(magnetic), a random access memory (RAM), a read-only memory (ROM), anerasable programmable read-only memory (EPROM) (magnetic), a portableoptical disc such a CD, CD-R, CD-RW, DVD, DVD-R, or DVD-RW, or flashmemory such as compact flash cards, secured digital cards, USB memorydevices, memory sticks, and the like.

The instructions can also be propagated within any transport medium foruse by or in connection with an instruction execution system, apparatus,or device, such as a computer-based system, processor-containing system,or other system that can fetch the instructions from the instructionexecution system, apparatus, or device and execute the instructions. Inthe context of this document, a “transport medium” can be any mediumthat can communicate, propagate or transport the program for use by orin connection with the instruction execution system, apparatus, ordevice. The transport medium can include, but is not limited to, anelectronic, magnetic, optical, electromagnetic or infrared wired orwireless propagation medium.

In some examples, system 500 can be included within user device 110 orregistry server 118. Processor 506 can be configured to perform process200 or 400. It is to be understood that the system is not limited to thecomponents and configuration of FIG. 5 but can include other oradditional components in multiple configurations according to variousexamples.

Although the disclosure and examples have been fully described withreference to the accompanying drawings, it is to be noted that variouschanges and modifications will become apparent to those skilled in theart. Such changes and modifications are to be understood as beingincluded within the scope of the disclosure and examples as defined bythe appended claims.

What is claimed is:
 1. A computer-implemented method comprising:receiving, from a plurality of user devices, wellness data authorizedfor storage to a database of wellness data; storing the wellness data inthe database of wellness data; receiving, from a research entity, arequest to access the database of wellness data; approving the requestto access the database of wellness data; receiving, from the researchentity, a request to perform a search query on the database of wellnessdata; determining whether a user's identity can be determined orinferred from the search query; in accordance with a determination thata user's identity can be determined or inferred from the search query,rejecting the search query; and in accordance with a determination thatthe search query is approved: performing the search query according tosearch query rules; and transmitting results of the search query to theresearch entity.
 2. The computer-implemented method of claim 1, whereinthe wellness data is associated with a plurality of users, and whereinan authorization to include the wellness data in the database ofwellness data was received from each of the plurality of users prior tothe wellness data being stored in the database of wellness data.
 3. Thecomputer-implemented method of claim 1, further comprising: receivingwellness data of two or more users; and storing the received wellnessdata of the two or more users in the database of wellness data.
 4. Thecomputer-implemented method of claim 3 further comprising receiving,before storing the received wellness data of the two or more users inthe database of wellness data, an authorization from each of the two ormore users to include the received wellness data in the database ofwellness data.
 5. The computer-implemented method of claim 1, furthercomprising: receiving wellness data of two or more users; and excludingthe received wellness data of the two or more users from the database ofwellness data absent an authorization from each of the two or more usersthat their wellness data is to be included in the database of wellnessdata.
 6. The computer-implemented method of claim 1, further comprisingreceiving wellness data of two or more users, wherein the wellness dataof each of the two or more users is received from a wellness databaselocated on a user device of each user.
 7. The computer-implementedmethod of claim 6, further comprising updating the database of wellnessdata by receiving one of intermittent and continuous updates from thewellness database located on each user's user device.
 8. Thecomputer-implemented method of claim 1, wherein the database of wellnessdata comprises metadata associated with the wellness data, wherein themetadata comprises a time the wellness data was recorded, a type of thewellness data, and a device used to record the wellness data.
 9. Thecomputer-implemented method of claim 1, wherein the database of wellnessdata comprises wellness data from a plurality of users.
 10. Thecomputer-implemented method of claim 9, further comprising receiving,prior to performing the search query, authorization from two or moreusers of the plurality of users to authorize their wellness data to besearchable.
 11. The computer-implemented method of claim 9, furthercomprising denying the search query on wellness data from the pluralityof users absent authorization that their wellness data is to besearchable.
 12. The computer-implemented method of claim 1 wherein thewellness data is stored in the database of wellness data anonymously.13. A non-transitory computer-readable storage medium storing one ormore programs configured to be executed by one or more processors, theone or more programs including instructions for: receiving, from aplurality of user devices, wellness data authorized for storage to adatabase of wellness data; storing the wellness data in the database ofwellness data; receiving, from a research entity, a request to accessthe database of wellness data; approving the request to access thedatabase of wellness data; receiving, from the research entity, arequest to perform a search query on the database of wellness data;determining whether a user's identity can be determined or inferred fromthe search query; in accordance with a determination that a user'sidentity can be determined or inferred from the search query, rejectingthe search query; and in accordance with a determination that the searchquery is approved: performing the search query according to search queryrules; and transmitting results of the search query to the researchentity.
 14. The non-transitory computer-readable storage medium of claim13, wherein the wellness data is associated with a plurality of users,and wherein an authorization to include the wellness data in thedatabase of wellness data was received from each of the plurality ofusers prior to the wellness data being stored in the database ofwellness data.
 15. The non-transitory computer-readable storage mediumof claim 13, further comprising instructions for: receiving wellnessdata of two or more users; and storing the received wellness data of thetwo or more users in the database of wellness data.
 16. Thenon-transitory computer-readable storage medium of claim 15, furthercomprising instructions for: receiving, before storing the receivedwellness data of the two or more users in the database of wellness data,an authorization from each of the two or more users to include thereceived wellness data in the database of wellness data.
 17. Thenon-transitory computer-readable storage medium of claim 13, furthercomprising instructions for: receiving wellness data of two or moreusers; and excluding the received wellness data of the two or more usersfrom the database of wellness data absent an authorization from each ofthe two or more users that their wellness data is to be included in thedatabase of wellness data.
 18. The non-transitory computer-readablestorage medium of claim 13, further comprising instructions for:receiving wellness data of two or more users, wherein the wellness dataof each of the two or more users is received from a wellness databaselocated on a user device of each user.
 19. The non-transitorycomputer-readable storage medium of claim 18, further comprisinginstructions for: updating the database of wellness data by receivingone of intermittent and continuous updates from the wellness databaselocated on each user's user device.
 20. The non-transitorycomputer-readable storage medium of claim 13, wherein the database ofwellness data comprises metadata associated with the wellness data,wherein the metadata comprises a time the wellness data was recorded, atype of the wellness data, and a device used to record the wellnessdata.
 21. The non-transitory computer-readable storage medium of claim13, wherein the database of wellness data comprises wellness data from aplurality of users.
 22. The non-transitory computer-readable storagemedium of claim 21, further comprising instructions for: receiving,prior to performing the search query, authorization from two or moreusers of the plurality of users to authorize their wellness data to besearchable.
 23. The non-transitory computer-readable storage medium ofclaim 21, further comprising instructions for: denying a search query onwellness data from the plurality of users absent authorization thattheir wellness data is to be searchable.
 24. The non-transitorycomputer-readable storage medium of claim 13 wherein the wellness datais stored in the database of wellness data anonymously.
 25. Anelectronic device, comprising: one or more processors; a memory; andcomputer-executable instructions, wherein the computer-executableinstructions are stored in the memory and configured to be executed bythe one or more processors, the computer-executable instructionsincluding instructions for: receiving, from a plurality of user devices,wellness data authorized for storage to a database of wellness data;storing the wellness data in the database of wellness data; receiving,from a research entity, a request to access the database of wellnessdata; approving the request to access the database of wellness data;receiving, from the research entity, a request to perform a search queryon the database of wellness data; determining whether a user's identitycan be determined or inferred from the search query; in accordance witha determination that a user's identity can be determined or inferredfrom the search query, rejecting the search query; and in accordancewith a determination that the search query is approved: performing thesearch query according to search query rules; and transmitting resultsof the search query to the research entity.
 26. The electronic device ofclaim 25, wherein the wellness data is associated with a plurality ofusers, and wherein an authorization to include the wellness data in thedatabase of wellness data was received from each of the plurality ofusers prior to the wellness data being stored in the database ofwellness data.
 27. The electronic device of claim 25, wherein thecomputer-executable instructions further include instructions for:receiving wellness data of two or more users; and storing the receivedwellness data of the two or more users in the database of wellness data.28. The electronic device of claim 27, wherein the computer-executableinstructions further include instructions for: receiving, before storingthe received wellness data of the two or more users in the database ofwellness data, an authorization from each of the two or more users toinclude the received wellness data in the database of wellness data. 29.The electronic device of claim 25, wherein the computer-executableinstructions further include instructions for: receiving wellness dataof two or more users; and excluding the received wellness data of thetwo or more users from the database of wellness data absent anauthorization from each of the two or more users that their wellnessdata is to be included in the database of wellness data.
 30. Theelectronic device of claim 25, wherein the computer-executableinstructions further include instructions for: receiving wellness dataof two or more users, wherein the wellness data of each of the two ormore users is received from a wellness database located on a user deviceof each user.
 31. The electronic device of claim 30, wherein thecomputer-executable instructions further include instructions for:updating the database of wellness data by receiving one of intermittentand continuous updates from the wellness database located on each user'suser device.
 32. The electronic device of claim 25, wherein the databaseof wellness data comprises metadata associated with the wellness data,wherein the metadata comprises a time the wellness data was recorded, atype of the wellness data, and a device used to record the wellnessdata.
 33. The electronic device of claim 25, wherein the database ofwellness data comprises wellness data from a plurality of users.
 34. Theelectronic device of claim 33, wherein the computer-executableinstructions further include instructions for: receiving, prior toperforming the search query, authorization from two or more users of theplurality of users to authorize their wellness data to be searchable.35. The electronic device of claim 33, wherein the computer-executableinstructions further include instructions for: denying a search query onwellness data from the plurality of users absent authorization thattheir wellness data is to be searchable.
 36. The electronic device ofclaim 25, wherein the wellness data is stored in the database ofwellness data anonymously.